package com.cib.walrus.commons.utils;


import java.util.LinkedList;
import java.util.List;

/**
 * web安全验证工具类
 */
public class WebSecurityVerifyUtils {

    public static boolean existXSSAttack(String str) {
        // TODO
        return false;
    }

    /**
     * 判断字符串参数是否可能存在SQL注入
     */
    public static boolean existSqlInject(String str) {
        // TODO
        return false;
    }

    /**
     * 判断访问路径是否存在路径遍历
     */
    public static boolean existPathScan(String path) {
        List<String> illegalPathList = WebSecurityVerifyArgs.illegalPathScanList;
        for (String illegalPath : illegalPathList) {
            if (path.contains(illegalPath)) {
                return true;
            }
        }
        return false;
    }

    private static class WebSecurityVerifyArgs {

        /**
         * 非法的路径遍历字段
         */
        public static List<String> illegalPathScanList;

        static {
            illegalPathScanList = new LinkedList<>();
            illegalPathScanList.add("..");
            illegalPathScanList.add("/../");
        }

    }

}
